Google Git
Sign in
go / vulndb / 842487caaa036933f988cb3f54162dce2886711a / . / data / osv / GO-2024-3112.json
blob: 8a67b7b68a3e37a704e0ef5336145a2ad9a92bf9 [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2024-3112",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-g5xx-c4hv-9ccc"
],
"summary": "CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft",
"details": "CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft",
"affected": [
{
"package": {
"name": "github.com/cometbft/cometbft",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.37.0"
},
{
"fixed": "0.37.11"
},
{
"introduced": "0.38.0"
},
{
"fixed": "0.38.12"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/cometbft/cometbft/light",
"symbols": [
"Client.TrustedLightBlock",
"Client.Update",
"Client.VerifyHeader",
"Client.VerifyLightBlockAtHeight",
"Client.compareFirstHeaderWithWitnesses",
"Client.compareNewHeaderWithWitness",
"Client.detectDivergence",
"Client.findNewPrimary",
"Client.initializeWithTrustOptions",
"ErrInvalidHeader.Error",
"ErrNewValSetCantBeTrusted.Error",
"ErrOldHeaderExpired.Error",
"ErrVerificationFailed.Error",
"NewClient",
"NewClientFromTrustedStore",
"NewHTTPClient",
"NewHTTPClientFromTrustedStore",
"TrustOptions.ValidateBasic",
"ValidateTrustLevel",
"Verify",
"VerifyAdjacent",
"VerifyBackwards",
"VerifyNonAdjacent",
"errBadWitness.Error",
"errConflictingHeaders.Error"
]
},
{
"path": "github.com/cometbft/cometbft/types",
"symbols": [
"ABCIParams.VoteExtensionsEnabled",
"Block.Hash",
"Block.HashesTo",
"Block.MakePartSet",
"Block.Size",
"Block.String",
"Block.StringIndented",
"Block.StringShort",
"Block.ToProto",
"Block.ValidateBasic",
"BlockFromProto",
"BlockID.Key",
"BlockID.String",
"BlockID.ValidateBasic",
"BlockIDFromProto",
"BlockMeta.ValidateBasic",
"BlockMetaFromProto",
"BlockMetaFromTrustedProto",
"CanonicalTime",
"CanonicalizeBlockID",
"CanonicalizeProposal",
"CanonicalizeVote",
"Commit.GetVote",
"Commit.Hash",
"Commit.StringIndented",
"Commit.ToVoteSet",
"Commit.ValidateBasic",
"Commit.VoteSignBytes",
"CommitFromProto",
"CommitSig.BlockID",
"CommitSig.FromProto",
"CommitSig.String",
"CommitSig.ValidateBasic",
"ConsensusParams.ValidateBasic",
"ConsensusParams.ValidateUpdate",
"Data.StringIndented",
"DuplicateVoteEvidence.Bytes",
"DuplicateVoteEvidence.Hash",
"DuplicateVoteEvidence.String",
"DuplicateVoteEvidence.ValidateBasic",
"DuplicateVoteEvidenceFromProto",
"ErrEvidenceOverflow.Error",
"ErrInvalidCommitHeight.Error",
"ErrInvalidCommitSignatures.Error",
"ErrInvalidEvidence.Error",
"ErrNotEnoughVotingPowerSigned.Error",
"ErrVoteConflictingVotes.Error",
"ErrVoteExtensionInvalid.Error",
"EventBus.OnStart",
"EventBus.OnStop",
"EventBus.PublishEventNewBlock",
"EventBus.PublishEventNewBlockEvents",
"EventBus.PublishEventTx",
"EventQueryTxFor",
"EvidenceData.ByteSize",
"EvidenceData.FromProto",
"EvidenceData.Hash",
"EvidenceData.StringIndented",
"EvidenceData.ToProto",
"EvidenceFromProto",
"EvidenceList.Has",
"EvidenceList.Hash",
"EvidenceList.String",
"EvidenceToProto",
"ExtendedCommit.EnsureExtensions",
"ExtendedCommit.GetByIndex",
"ExtendedCommit.GetExtendedVote",
"ExtendedCommit.ToExtendedVoteSet",
"ExtendedCommit.ValidateBasic",
"ExtendedCommitFromProto",
"ExtendedCommitSig.EnsureExtension",
"ExtendedCommitSig.FromProto",
"ExtendedCommitSig.String",
"ExtendedCommitSig.ValidateBasic",
"GenesisDoc.SaveAs",
"GenesisDoc.ValidateAndComplete",
"GenesisDoc.ValidatorHash",
"GenesisDocFromFile",
"GenesisDocFromJSON",
"Header.Hash",
"Header.StringIndented",
"Header.ValidateBasic",
"HeaderFromProto",
"LightBlock.String",
"LightBlock.StringIndented",
"LightBlock.ToProto",
"LightBlock.ValidateBasic",
"LightBlockFromProto",
"LightClientAttackEvidence.Bytes",
"LightClientAttackEvidence.Hash",
"LightClientAttackEvidence.String",
"LightClientAttackEvidence.ToProto",
"LightClientAttackEvidence.ValidateBasic",
"LightClientAttackEvidenceFromProto",
"MakeBlock",
"MakeExtCommit",
"MakeVote",
"MakeVoteNoError",
"MaxDataBytes",
"MaxDataBytesNoEvidence",
"MockPV.SignProposal",
"MockPV.SignVote",
"MockPV.String",
"NewBlockMeta",
"NewDuplicateVoteEvidence",
"NewErroringMockPV",
"NewMockDuplicateVoteEvidence",
"NewMockDuplicateVoteEvidenceWithValidator",
"NewMockPV",
"NewValidatorSet",
"Part.String",
"Part.StringIndented",
"Part.ValidateBasic",
"PartFromProto",
"PartSet.AddPart",
"PartSet.MarshalJSON",
"PartSet.StringShort",
"PartSetHeader.String",
"PartSetHeader.ValidateBasic",
"PartSetHeaderFromProto",
"Proposal.String",
"Proposal.ValidateBasic",
"ProposalFromProto",
"ProposalSignBytes",
"QueryForEvent",
"RandValidator",
"RandValidatorSet",
"SignAndCheckVote",
"SignedHeader.String",
"SignedHeader.StringIndented",
"SignedHeader.ValidateBasic",
"SignedHeaderFromProto",
"Tx.String",
"TxProof.Validate",
"TxProofFromProto",
"Txs.Validate",
"ValidateHash",
"Validator.Bytes",
"Validator.String",
"Validator.ToProto",
"Validator.ValidateBasic",
"ValidatorFromProto",
"ValidatorListString",
"ValidatorSet.CopyIncrementProposerPriority",
"ValidatorSet.GetProposer",
"ValidatorSet.Hash",
"ValidatorSet.IncrementProposerPriority",
"ValidatorSet.Iterate",
"ValidatorSet.String",
"ValidatorSet.StringIndented",
"ValidatorSet.ToProto",
"ValidatorSet.TotalVotingPower",
"ValidatorSet.UpdateWithChangeSet",
"ValidatorSet.ValidateBasic",
"ValidatorSet.VerifyCommit",
"ValidatorSet.VerifyCommitLight",
"ValidatorSet.VerifyCommitLightAllSignatures",
"ValidatorSet.VerifyCommitLightTrusting",
"ValidatorSet.VerifyCommitLightTrustingAllSignatures",
"ValidatorSet.findProposer",
"ValidatorSetFromExistingValidators",
"ValidatorSetFromProto",
"VerifyCommit",
"VerifyCommitLight",
"VerifyCommitLightAllSignatures",
"VerifyCommitLightTrusting",
"VerifyCommitLightTrustingAllSignatures",
"Vote.CommitSig",
"Vote.ExtendedCommitSig",
"Vote.String",
"Vote.ValidateBasic",
"Vote.Verify",
"Vote.VerifyExtension",
"Vote.VerifyVoteAndExtension",
"VoteExtensionSignBytes",
"VoteFromProto",
"VoteSet.AddVote",
"VoteSet.BitArrayByBlockID",
"VoteSet.BitArrayString",
"VoteSet.HasAll",
"VoteSet.HasTwoThirdsAny",
"VoteSet.LogString",
"VoteSet.MakeExtendedCommit",
"VoteSet.MarshalJSON",
"VoteSet.SetPeerMaj23",
"VoteSet.String",
"VoteSet.StringIndented",
"VoteSet.StringShort",
"VoteSet.VoteStrings",
"VoteSignBytes"
]
}
],
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0.34.0"
},
{
"fixed": "0.34.34"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc"
},
{
"type": "FIX",
"url": "https://github.com/cometbft/cometbft/commit/3937e00a339ee6b861d75997b4f6c87d867b74f2"
},
{
"type": "FIX",
"url": "https://github.com/cometbft/cometbft/commit/52c00a537f8f56ed94b4a5c8af6e3fecff468b55"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3112",
"review_status": "REVIEWED"
}
}